Discussion:
A Software hero
Bob F
2024-04-06 22:52:34 UTC
https://www.inc.com/reuters/the-cyberattack-stopped-by-a-microsoft-engineer-was-scarier-than-we-realize.html
VanguardLH
2024-04-07 03:03:04 UTC
Post by Bob F
https://www.inc.com/reuters/the-cyberattack-stopped-by-a-microsoft-engineer-was-scarier-than-we-realize.html
(dated April 05, 2024)

https://en.wikipedia.org/wiki/XZ_Utils
(dated March 29, 2024, already updated with backdoor info)

I'm on Windows. I use Peazip (fork of 7-zip) that can create XZ (LZMA)
compressed archive files, but I've never used nor felt the need to use
that compression algorithm.

While open source is nice, I too often find the contributors are overly
hidden, difficult, or impossible to determine who they are beyond what,
if anything, they themselves disclose for purported identification. They
aren't open about themselves. Oddly open-source program users seem
blithe that they're using software from a mostly unknown community.
Because it is free, there's no "follow the money" tracking.

Oh, and the claim that open source is visible to anyone who wants to
investigate, is false. Open source stuff is rarely audited by an
independent. That it is open source doesn't mandate it safer than
proprietary source, just that defects or backdoors can be discoverable
*if* anyone stellar happens to investigate and makes the discovery.
Open-source devs fall back to indemnification of their legal
responsibility on any damage when using their software, or their portion
of it, claiming their effort was free and use is at-risk. Proprietary
software by known authors can end up in court.
